
Warning! UP government websites may damage your computer


At least four websites of the state government, including that of the chief minister, have been blocked by the Google search engine with a warning that these sites might harm the computer due to “malicious” software hosted on them. The sites, barring one, can however be accessed if the IP address is typed on the address bar directly.

The sites that cannot be reached through Google include the Uttar Pradesh government’s main website upgov.nic.in, the chief minister’s official website upcmo.up.nic.in, the information department’s website information.up.nic.in and the website of the Uttar Pradesh Electronic Corporation Limited, uplclko.in. The information department’s website has been blocked by the National Informatics Centre (NIC) too.

Every attempt to access these sites through Google comes with a message in bold letters: “Warning — visiting this website may harm your computer.”

It adds: “The site is listed as suspicious because malicious software is being downloaded or installed without the user’s consent from these sites.” The message goes on to give a detailed explanation about the problem. It says the website of the state government’s information department was infected first and through this the attackers found their way into the server of the UP government’s main site and then to the other subsidiary sites.

“The information department site appeared to function as an intermediary for the infection of two site(s) including upgov.nic.in and upcmo.up.nic.in,” reads the message on Google’s warning page.

The NIC, however, is not aware that the websites of the state government and the chief minister’s office have been infected too. It is only aware of the information department’s website, which it has deactivated for cleaning.


S B Singh, Senior Technical Director and also the State Information Officer of the NIC, told The Indian Express: “It is a routine process for us. We received a warning about the information department’s site from our Delhi office and it has been blocked. No one has informed us about the UP government’s site or the chief minister office site. We may have to look into the matter.”

Asked if these sites have been hacked, the NIC office ruled out the possibility. “This cannot exactly be called hacking. A hacker blocks the content of the actual site and puts his own. This seems to be a case of what we call SQL injection attack. It is a problem of injecting some malicious command by an attacker,” said an official.

According to cyber security experts, SQL injection attacks are also the handiwork of hackers. For an SQL injection attack, the attackers use webpages that have active content, like feedback forms, which allow visitors to submit their own text on the website. If this submitted content is not filtered properly, the attackers get a chance to inject malicious commands into the website through the text. This way, the attackers can also gain control over the database of the website. The SQL commands injected by the attackers may include viruses and other commands that can harm the computers of visitors.

Experts say an SQL injection becomes effective when web applications do not validate or filter the information posted by visitors.
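The flaw the experts describe, as an added example that is not taken from the affected sites or from the NIC: a feedback handler that pastes visitor text into its SQL statement, beside one that binds it as data and escapes it on output. The schema, function names and sample input are hypothetical, and `executescript` stands in for a database driver that accepts several statements in one string.

```python
import html
import sqlite3

# Constructed sample input: feedback text that closes the quoted value early.
CRAFTED = "nice'); UPDATE pages SET body = '<b>INJECTED</b>'; --"

def make_db():
    """Hypothetical schema: one site page plus a visitor feedback table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (title TEXT, body TEXT)")
    db.execute("CREATE TABLE feedback (name TEXT, comment TEXT)")
    db.execute("INSERT INTO pages VALUES ('Home', 'Welcome')")
    db.commit()
    return db

def save_feedback_unsafe(db, name, comment):
    # Vulnerable: visitor text is pasted into the SQL statement itself.
    sql = f"INSERT INTO feedback VALUES ('{name}', '{comment}')"
    # executescript stands in for a driver that accepts stacked statements.
    db.executescript(sql)

def save_feedback_safe(db, name, comment):
    # Hardened: placeholders bind visitor text as data, never as SQL.
    db.execute("INSERT INTO feedback VALUES (?, ?)", (name, comment))
    db.commit()

def render_comment(comment):
    # Escape on output so stored text cannot become markup in a visitor's browser.
    return "<p>" + html.escape(comment) + "</p>"

def page_body(db):
    return db.execute("SELECT body FROM pages WHERE title = 'Home'").fetchone()[0]

def demo():
    unsafe_db, safe_db = make_db(), make_db()
    save_feedback_unsafe(unsafe_db, "visitor", CRAFTED)
    save_feedback_safe(safe_db, "visitor", CRAFTED)
    stored = safe_db.execute("SELECT comment FROM feedback").fetchone()[0]
    return page_body(unsafe_db), page_body(safe_db), stored

if __name__ == "__main__":
    unsafe_body, safe_body, stored = demo()
    print("unsafe handler, page body:", unsafe_body)
    print("safe handler, page body:  ", safe_body)
    print("safe handler, rendered:   ", render_comment(stored))
```

With the unsafe handler the page content is overwritten by the visitor's text; with the bound parameters the same text is stored verbatim as a comment and the page is untouched.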


It is for this reason that the NIC has issued guidelines for state offices not to put such active formats — especially forms that can easily allow visitors to enter their own text — on their websites without validation. Some UP government websites, however, did not follow these guidelines and had active feedback forms. Officials claimed that the problem would be sorted out in the next few days.

How SQL injection attacks work

The attacker enters webpages that have active content, like feedback forms, which allow the visitors to submit their own text on the website

If active forms are not screened properly, the attacker injects malicious commands into the website through the submitted text

The attacker then gains control over the website’s database and also the server


The attacker includes viruses or other commands in the “SQL commands”, which can make their way to a visitor’s computer, thereby making it vulnerable
